Revision as of 18:16, 27 February 2013

About

The purpose of this page is to provide greater clarity on the methodology of the OWASP Top 10 project. It covers the data and individuals involved in producing the Top 10, the current process, suggestions for improving involvement and participation, and an FAQ addressing common questions and concerns.

This is a wiki and is editable by anyone with an OWASP account. Please contribute constructively to the conversation. Additional discussion should also take place on the OWASP Top 10 mailing list.

Current Methodology

Data sources are accepted from a variety of companies, including:

<dave> List involved data sources here

Data and professional opinion are used to create the initial Top 10 items and their rankings

<dave> List involved individuals here

Public comment period for RC1 runs from February through the end of March

All comments are evaluated and the Top 10 is updated as appropriate by:

<dave> List involved individuals here

All comments and responses are posted publicly

<dave> RC2 issued?

Final version is published

Current Data Sources

Suggested Enhancements

Use a public wiki to capture feedback; mailing lists are hard to follow and comments get lost

Establish a Top 10 panel to evaluate candidate items and make the final decisions on inclusion and ranking